Concept Paper Outlines - Compiled v2

CYBERSECURITY – Protecting the Financial System By: FCMB and SCB 1

Cybersecurity – Protecting the Financial System In recent times, the changing consumer preference and the race to meet up to international service delivery standards, scale operations and improve operational efficiency has led to rapid adoption of technology, cloud based services and initiation of Application Programming Interface (API) economy among others to drive interconnectivity with other service partners. This drive has led to a proliferation of several digital channels and presented a huge opportunity for delivering products and services in a convenient and enjoyable manner, with the digital connectivity expected to unlock innovation and prosperity around the world. However, as government and corporate organizations increasingly depend on the complex internet enabled business solutions, they also become increasingly vulnerable to cyberattacks on the information and data shared across these channels. Cybercriminals are taking advantage of the borderless playing field and the trust among nation states, corporations and global law enforcement to build their criminal enterprises and launch targeted attacks. And the increasing level of the cyberthreat is now becoming a major obstacle to the collective path to progress. Cost to society The severity of the cyber-attacks has in recent time attained alarming levels with developed economies and high-end global organizations reporting increasing level of attacks. It has caused a lot of havoc to individuals; private and public businesses and even threaten national security and financial health. At corporate level, sensitive company information are stolen and made available to competition, which causes untold embarrassment and reduces the competitive 2

strength of industries. It also leads to loss of revenue, through identity theft, unauthorized access to vital information such as trade secrets and proprietary information. These unquantifiable losses reduce profitability, as more time is spent preventing, troubleshooting or protecting company assets from the side effects of cybercrime, rather than engaging in more productive activities. In September 2018, Facebook experienced a network vulnerability which allowed hackers gain access to user accounts, potentially exposing the personal information of nearly 30 million users. This big security breach further heightened fear, even the huge tech-savvy social media companies are not immune to the cyberattacks. Also at the Marriott-owned Starwood hotel group in 2018, guest information for up to 500 million guests has been compromised, including payment information, names, billing addresses, phone numbers, email addresses, passport numbers among others, leading to Marriott facing a fine of about $123 million from the UK authorities over this breach. And in July 2019, a Silence hacker group were alleged to have stolen over $3 million from Bangladesh's Dutch Bangla Bank. Beyond the hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. High level of cybercrime brings the country’s name into disrepute within the international community, leading to reduction in trade and the inflow of much needed FDIs. Computer security giant McAfee has predicted that: “Nation-state cyberwarfare will become an equalizer, shifting the balance of power in many international relationships just as nuclear weapons did starting in the 1950s”. The national integrity of the globally respected United States electioneering process was called to question recently on the back of alleged cyber interference. Developed economies including the USA, China, Russia etc. have in recent time increased global tension on the back of counter claim on cyber- attacks. Households and individuals are also not immune to the impact of cyber threat, with the unpleasant experiences undermining the digital financial services customer’s finances and overall trust in the financial system. This is even more pronounced among the low-income customers, who are least able to rebound from the losses and the newly banked, whose trust in financial services may be fragile. It remains a big drag on the financial inclusion drive and economic growth agenda of the government. According to a 2018 report by the US based Center for Strategic and International Studies (CSIS) working with McAfee, cybercrime which costs the world’s economy almost $500 billion, or about 0.7% of global income In 2014, more than the income of all but a handful of countries, is now costing the world about $600 billion, or 0.8% of global GDP. While global spending on cybersecurity products and services 3

will top $103 billion in 2019, up 9.4 percent from 2018, with large enterprises having about 500 -1000 employees spending the most. Without doubt the increasing cost of protecting against cyber attacks taking into consideration information asymmetry within the large informal developing economies remain unimaginable The case in Nigeria In the case of Nigeria, the issue of cybercrime and its impact on the Nigerian economy in relations to FDI inflow has increasingly become worrisome. This is becoming more visible with the increasing level of unemployment, as the impact on business confidence is leading multinationals and their parent companies to flee the country and, in some instances, cut their staff strength due to cyber-attacks that has led to fall in profit. Not only is cyber insecurity affecting investments, it is also affecting tourism, acclaimed to be a leading source of foreign exchange globally. With travel warnings issued across the world to foreigners visiting Nigeria either for leisure or to set up businesses, national image is daily being impaired. Responding to the global challenge, the Nigeria government enacted the Cybercrime (Prohibition, Prevention, Etc.) Act in 2015, which prescribes punishment for cybercrime related offences. In tandem with this, the CBN also released the Risk- Based Cybersecurity Framework for Deposit Money Banks and Payment Service Providers in 2018 Despite the above efforts, government, the financial service sector and household in Nigeria have not been immune to the spree of cyber-attacks and data breaches, with mixed cases of phishing attacks, malicious software embedded at payment interfaces and ransomware gaining more traction. According to the “Nigeria Electronic Fraud Forum Annual Report” published by the Central Bank of Nigeria, financial service fraud volume reported in 2018 is the highest seen in the last four years, increasing in volume by about 55%, from about N1.6bn in 2017 to about N2.1bn(US$ 7.1 million) in 2018. With mobile channel fraud taking the lead in both fraud volume and actual loss. This loss is excluding the recorded over 38,000 attempted fraud count valued at over ₦9Billion within the last 12 months. Considering the high penetration rate in Nigeria (68.9%), mobile has become an obvious channel for Nigerians at the bottom of the pyramid to use as they adopt financial services for the first time. EFInA in its 2018 Survey showed that the uptake and usage has been persistently low (at 3.3%), despite its rapid growth in many other emerging markets, with lack of trust being a key obstacle affecting the uptake of mobile financial services in Nigeria 4

Need for collaboration While the global impact of cyber-attacks appears all encompassing, the financial sector appears the most affected as cyber-attacks on all other sectors of the society culminate in financial loss. With the financial sector depending on complex IT systems in order to function and are at the same time linked across the sector via data centers, payment and settlement systems, addressing cyber concerns remains germane to having a sound, reliable and safe financial system. A stable financial system relies, inter alia, on trust that book-entries of transactions are correct and are kept confidential, that settlement of payments and securities trades takes place in a timely manner and that customer-oriented systems are safe and accessible. Repeated cyberattacks on financial sector firms and systems may weaken confidence in the financial system and an extensive cyberattack that compromises critical systems could potentially affect the whole sector or significant parts of it. While individual financial sector stakeholders are developing strong focus on IT security to protect themselves within the scope of their operations, including making their systems resilient to cyberattacks, the multifaceted nature of the cyberthreat exposes each component of the financial system as a potential weak link that could compromise the whole financial system. Hence the very strong justification for collaboration. In the United Kingdom, the biggest insurers and banks have teamed up to create a new organization to defend the country’s financial infrastructure against cyber- attacks. Called “the Financial Sector Cyber Collaboration Centre”, the organization is backed by several banks, insurers and securities exchanges. The body is the brainchild of UK Finance, an amalgamation of six financial trade institutions. The center will also be working with the National Cyber Security Centre (NCSC) and National Crime Agency (NCA). Also, within the European Union block, cybersecurity was identified as one of the main challenges in its 2017 mid-term review of the Digital Single Market. The Network and Information Security (“NIS”) Directive (2016) which is the first piece of EU-wide legislation on cybersecurity. The adopted EU Cybersecurity Act gives ENISA, the EU Cybersecurity Agency, a reinforced role and establishes an EU-wide cybersecurity certification framework for digital products, processes and services. This is complemented by the European Supervisory Authorities’ (“ESA”) advice to improve ICT risk management requirements, streamline incident reporting standards and establish an EU-wide cyber resilience testing framework. Also, recently in June 2019, The Monetary Authority of Singapore (MAS), the Bank of England and the Financial Conduct Authority announced they will be working together 5

to strengthen cyber security in their financial sectors. The collaboration involves MAS and the UK financial authorities identifying effective ways to share information and exploring potential for staff exchanges as hosts to global financial centers and FinTech firms Increasingly, it is becoming apparent that both on the local and global space, given the complex nature of cyber-attacks, collaboration among key stakeholders, guided by firm commitments to the dictates of applicable policies remains the most effective armament to address cyber concerns Paper focus This paper presents an opportunity to further analyze and proffer solutions to the increasing threat in the cyberspace, most especially as it impacts financial services delivery and the drive to increase level of financial inclusion in Nigeria Questions to answer: 1. What is the relevance of Cyber Security to the 2019 Bankers’ Committee Retreat theme of ‘Advancing Digital and Mobile Technology to Impact Sustainable Economic Growth and Development’? a. How will it secure Digital and Mobile Technology innovations that will drive productivity, efficiency and advance sustainable economic growth and social development? b. How will it improve financial inclusion driven by consumer confidence in a safe and secure financial service? 2. What are the head wins and drivers for Nigeria’s financial system? a. Matured regulations and standards e.g. CBN Risk-Based Cybersecurity Framework for Financial Institutions; Information Technology Standard Blueprint etc. 3. What is the level of maturity in Nigeria against global leading practices/capabilities? a. Low information security awareness amongst the workforce and the general population (cyber literacy). b. Lack of research and development in local cyber security space c. Shortage in skills and competence d. Over reliance on foreign OEMs and consultants 6

4. From a gap analysis, which areas require attention? a. Collaboration amongst industry players b. Collaboration amongst policy makers (Alignment of regulations) 5. What are some key facts/statistics? 6. What is the Value at play – opportunity for the financial system/customers? a. Increased consumer confidence leading to improved financial inclusion b. Maximising the benefits of digital innovation 7. Talking points for Retreat participants a. Cyber Resilience – For the Deposit Money Banks (DMBs) and critical financial market infrastructure (FMIs) b. Fintech – Secure innovation c. Cyber security skills shortage d. Collaboration between industry players Questions to answer: 1) What is Nigeria’s cyber security maturity level 2) How adequate are the current cybersecurity policies to protect the financial sector? 3) Is there any capacity or infrastructural limitations affecting cybersecurity implementation? 4) What are the factors promoting cyber risks in the financial landscape? 5) How can the banker’s committee as a body contribute to effective cyber secure financial services landscape? 6) What limitations are the industry players facing in effectively promoting cyber threat awareness among consumers 7

7) What partnership policy initiatives can we promote across arms of the government to increase cyber security responsibilities among all key stakeholders 8) What policy support could regulators provide to deposit money banks to invest more in cyber security A list of feasible solutions that are substantiated with supporting evidence. Questions to answer: 1. What are possible responses/solutions? 2. Is this a new solution or has this solution been implemented in other countries? For both, provide justification and evidence to show that the solution will be effective and workable in Nigeria Financial System – ease of delivery, infrastructure, costs, etc. What are some challenges that might be encountered? 3. How can this solution be implemented? Who are the key stakeholders to implement it? 4. What is the value at stake for Nigeria if these issues/gaps are not addressed? At the end of the session, the panel discussion on the topic “Cybersecurity – Protecting the Financial System “will aim to among other things address: ▪ Ways and means of strengthening technical and capacity challenges affecting effectiveness of cybersecurity especially in the banking context ▪ Recommend new modalities and approaches for managing the impact of cyberattacks on the financial system ▪ Promote policy measures to strengthen the effectiveness of cyber laws as it affects the financial service industry ▪ Provide basis for a shared purpose among key stakeholders to address cybercrime threats and challenges ▪ Reinforce consumer trust in the emerging digital space to drive financial inclusion and safeguard their resources 8

Digital Ecosystems for SMEs By: Joel Nyatse and Tunde Adama 9

Digital Ecosystems for SMEs FSDH Merchant Bank Citibank Nigeria Limited ▪ SME Sectorial Overview o Importance of SMEs to economies (General) – Use of data and statistics from other countries and regions o Importance of SMEs to Nigeria – Contribution to GDP, employment etc. ▪ General trends/ key statistics on Nigerian SMEs (revenues, growth, ownership structure, access to credit etc.) ▪ Define digital ecosystems – what are they and what are they composed of? ▪ Examples of successful digital ecosystems from around the global and African domain (finance industry and other wise) ▪ Benefits of digital ecosystems to participants – partners, customers etc. ▪ Relevance of creating digital ecosystems for SMEs to driving sustainable economic growth and relevance in Nigeria (contribution to GDP, employment etc.) ▪ Ecosystems enable players collaborate to create value for the customer. What are the pain points of Nigerian SMEs? o Presentation and Analyses of questionnaire administered to sample SMEs ▪ Which of these challenges can banks can try to solve via digital ecosystem products and services? o Do existing solutions exist? Where are the opportunities for further product/ service development? o Are solutions being provide by non-bank entities? o Do collaborative opportunities between banks and these entities exist? ▪ Are there legal, regulatory or structural challenges to solving these problems? ▪ How can digital ecosystems be leveraged to enhance value proposition for SMEs (access to funding and markets, skills development, logistics support, financial management etc.) ▪ Challenges faced by banks in supporting Nigerian SMEs. 10

o Recent successes and reasons to be optimistic ▪ What key success factors are critical for developing digital ecosystems (strong user base, diversity of partners, collaboration capabilities etc.) ▪ What strategies should be adopted in building sustainable ecosystems for Nigerian SMEs? ▪ From which other industries can the banking industry identify partners for collaboration? ▪ What types of partnership agreements will be most suited for our market (M&As, Strategic Alliances, Multiple Alliances, Investments etc.) ▪ What capabilities and competences do banks need to develop? ▪ What legal or regulatory hurdles have to be surmounted? ▪ Standardization can help SMEs reduce costs, improve innovation capacity as well as quality of their products and services and thereby enhance their competitiveness. How can we improve standards in the SME space? Talking Points/Considerations for Participants during the Retreat. ▪ What is the outlook for digital and SME ecosystems in Nigeria? ▪ Practical next steps We will require additional members for this workgroup from banks that are active players in the SME space. As such, we are requesting for one member each from GTB/Access Bank and First Bank/Fidelity. 11

‘Streamlining Taxation Through Digital’ By: Access Bank Plc and SCBN Limited 12

Concept Paper Topic Streamlining Taxation through Digital Bank Responsible Standard Chartered Bank Nigeria Limited and Access Bank Plc Adedeji Adesola- Standard Chartered Bank Nigeria Limited Bright Oyasor- Access Bank Plc Aliyu Bakare- Access Bank Plc Albert Einstein said- The hardest thing in the word to understand is income tax. This is imminent in the multiplicity and complexity of tax laws, and the ambiguity in the interpretation of the tax laws. In Nigeria, Tax administration is vested in the three tiers of government. The Federal Inland Revenue Service (FIRS), administered all Taxes payable to the Federal Government, while the State Boards of Internal Revenue (SBIRs) of all the states in the Federation administered the taxes payable to the State Governments. Local Governments also administer rates and levies collectible by them through their various councils. There are a good number of taxes payable by persons doing business in Nigeria. These include Companies' income tax, Personal income tax, Capital gains tax, Value-added tax, Education tax, technology tax, stamp duties, withholding tax and the newly introduced Police trust fund. Penalties are imposed for failure to pay taxes when due. The Nigeria economy for many years (being a mono income economy) had dependent heavily on fund generated from crude oil. However, due to alternative solutions and advancement in technologies in recent times the prices of crude oil have experienced a significant decline. The decline in the price of oil in recent years has led to a decrease in the funds available for distribution to the Federal, State and local Governments. The need for Federal, State & Local Governments to generate adequate revenue from internal sources has thus become a matter of extreme importance. This need underscores the eagerness of all tiers of government to look for new sources of revenue or to become aggressive and innovative in revenue collection from existing sources. Taxation has therefore become one of the most important sources of revenue to the government in terms of the magnitude of revenue derivable, certainty and consistency. Owing to the inherent power of the government to impose and collect taxes, the government is assured always of its tax revenue no matter the circumstances. The Nigeria tax authorities are becoming 13

more aggressive in the area of revenue generation and resorting to underhand tactics to drive revenue, ambiguities in the provisions of the Nigeria tax laws and a host of other reasons. Based on the above, there has been an upward surge in the number of multidimensional requests, enquiries and correspondence from the Federal and State tax authorities. These letters, which sometimes bother on the ridiculous has led to an increase in the frequency of desk reviews and tax audits in Nigeria. QUESTIONS FOR DISCUSSION 1. Given that the tax to GDP ratio in Nigeria is currently about 6%, how can digital technology assist the government to improve this? 2. What are the things we can disruptively do to improve our tax to GDP ratio? We need to move away from the routine and do things differently that will change the status quo. 3. How can digital technological be deployed to minimise incidence of multiple taxation in Nigeria? 4. What are the best ways digital technology can be optimised to simplify tax computation and bring clarity to the various taxes payable by different businesses in Nigeria? 5. How can the complexities in tax laws and administration be eliminated riding on digital technology? 6. How can we deploy digital technology to improve accountability and transparency in the tax space? 7. How can government leverage digital resources to make tax evasion difficult amongst eligible tax payers; and improve collection. 8. What are the likely downsides to using digital technology in taxation and the mitigants that can be employed? 9. i Are there studies / research which confirm that technology has helped other developing economies to increase their tax to GDP ratio? ii. How can Nigeria leverage on the experience of these countries to digitalize its tax system. 10. Although the e-filing system has been introduced into the Nigerian tax system, tax payers still file hard copy tax returns. What can be done to ensure that a full-fledged tax digital technology system proves to be seamless and more efficient for all tax types? 14

11. A large proportion of the Nigerian economy is made up of SMEs who still struggle with their business cost. Given the high cost of tax technology, what will be done to ensure that these businesses are also able to utilize technology in complying with taxation while managing cost? 12. What other areas excluding revenue collection, can digital technology be beneficial to tax processes? 13. Timely communication of tax initiatives and policy changes to various stakeholders is very important. How can FIRS and various States IRS take advantage of digital technology to achieve this? 14. There have been debates over the place of electronic filing in the Nigerian law, therefore do tax authorities in Nigeria have the necessary legal powers to mandate online filing, or to use electronic submissions as evidence in court? 15. In 2018, the percentage of Nigerian who do not use internet was measured to be about 53%. How will these individuals be integrated into a digital tax system where they are required to file their tax returns online? 16. What are the enablers that can improve the level of utilization of technology by all stakeholders in the taxation system? 17. What in your view is the general disposition of companies in Nigeria towards adopting digital technology in their tax functions? Conclusion The Nigerian tax system is faced with numerous challenges, which can be surmounted through the proper deployment of digital technology in our tax space. The questions above should provoke ideas generation which when implemented will improve the Nigerian tax system and enhance the ease of doing business in Nigeria. 15

‘Digital Lending Ecosystem’ By: Union Bank 16

Digital Lending • Union Bank • GTB • Access Bank • Sterling A short introduction of the allocated topic. Questions to answer: 1. What is the relevance of digital lending to ‘Advancing Sustainable Economic Growth and Development’? 2. What are the head wins and drivers for Nigeria’s digital lending ecosystem? 3. What is the level of maturity vs global leading practices/capabilities? A description of gaps in financial system capability compared with leading environments. Questions to answer: 1. What are the gaps with the current system? 2. What is the value at stake for Nigeria if these issues/gaps are not addressed? 3. What are the issues/opportunities for improvement? 4. Can this be quantified? If so, provide quantification 5. What needs to be done? A list of feasible solutions that are substantiated with supporting evidence. 17

Questions to answer: 1) What are possible responses/solutions? 2) Is this a new solution or has this solution been implemented in other countries? For both, provide justification and evidence to show that the solution will be effective and workable in Nigeria Financial System – ease of delivery, infrastructure, costs, etc. What are some challenges that might be encountered? 3) How can this solution be implemented? 4) What enablers need to be put in place? Who are the key stakeholders to implement it? Talking Points/Considerations for Participants during the Retreat. 18